There are three sections to HIPAA: the Privacy Rule, the Security Rule, and the Transaction Rule.




Introduction

This course is on the federal HIPAA rule. HIPAA is the Health Insurance Portability and Accountability Act. It is the federal rule that sets standards for the protection of health information. Make sure you read all slides in this program carefully.

There are three sections to HIPAA: the Privacy Rule, the Security Rule, and the Transaction Rule.

Privacy Rule - The Privacy Rule addresses the use and disclosure of an individual's (patient's) health information (known as protected health information).

Transaction Rule - This section affects billing departments both at the agency and at other businesses such as an insurance company.

Security Rule - This section protects health information from loss or destruction and restricts unauthorized access.

What Does the Rule Mean to You? - The bottom line to remember is that you cannot share any information whatsoever about your patients (nothing: not their names, where they live, or anything about their care) with anyone who is not authorized to get this information.

What is the main purpose of HIPAA?

The main purpose of HIPAA is to protect the patient.

Who is covered by HIPAA?

Health Plans: All individual and group plans that provide or pay the cost of medical care.

Health Providers: Every health care provider, including home care and hospice staff (this means you and everyone you work with), is considered a covered entity.

Business Associates: Certain business associates of the health care providers are also covered under the privacy rules.

What Information Is Protected?

The Privacy Rule protects all individually identifiable health information in any form, whether electronic, paper (written) or oral (verbal). This includes:

- Information the doctors, nurses and other health care providers put in the medical record.
- Conversations the doctor or other health care professional has about the patient's care or treatment with nurses, home health aides and others.
- Information about the patients that is held by the insurance company.

What is Individually Identifiable Information?

Protected information basically is any information that identifies the individual or her family.

Can I talk about my patients if I don't use their names?

No. It is simply too easy to identify a patient with or without a name.

What can happen if you don't comply with the privacy rules?

You could lose your job and face criminal penalties.

What rights does the Privacy Rule give the patient over her health information?

The patient has the right to:

- Ask to see and get a copy of her health records
- Have corrections added to her health information
- Receive notice that tells her how her health information may be used and shared
- Decide if she wants to give permission before her health information can be used or shared

The patient also has the right to an accounting of disclosures of her personal health information. According to the privacy rule, patients can ask to see what disclosures have been made during the past six years only.

General Principle for Uses and Disclosures

A covered entity (you and everyone you work with and most of the companies that work with your agency) may not use or disclose protected health information except: (1) as the Privacy Rule permits or requires; or (2) as the individual who is the subject of the information (or the individual's personal representative) authorizes in writing.

A covered entity must disclose protected health information in only two situations: (1) to individuals (or their personal representatives) specifically when they request access to, or an accounting of disclosures of, their protected health information; and (2) to state and federal agencies when the agency is undertaking a compliance investigation or review or enforcement action.

A covered entity (including you and the home care staff) can disclose protected health information, without an individual's authorization, only: (1) to the individual; (2) for treatment, payment and health care operations; (3) with an opportunity for the patient to agree or object; (4) incidental to an otherwise permitted use and disclosure; (5) for public interest and benefit activities; and (6) as a limited data set for the purpose of research, public health or health care operations.

Authorized Uses and Disclosures

Authorization

A covered entity must obtain the individual's written authorization for any use or disclosure of protected health information that is not for treatment, payment or health care operations or otherwise permitted or required by the Privacy Rule. A covered entity may not condition treatment, payment, enrollment or benefits eligibility on an individual granting an authorization, except in limited circumstances.

Authorization must be written in specific terms. It may allow use and disclosure of protected health information by the covered entity seeking the authorization, or by a third party. All authorizations must be in plain language, and contain specific information regarding the information to be disclosed or used, the person(s) disclosing and receiving the information, expiration, right to revoke in writing, and other data.

Limiting Uses and Disclosures to the Minimum Necessary

A covered entity must make reasonable efforts to use, disclose, and request only the minimum amount of protected health information needed to accomplish the intended purpose of the use, disclosure, or request.

Notice and Other Individual Rights

Each covered entity, with certain exceptions, must provide a notice of its privacy practices. The notice must describe the ways in which the covered entity may use and disclose protected health information. The privacy notice must be given to the patient: not later than the first service encounter; by posting the notice at each service delivery site in a clear and prominent place. In an emergency treatment situation, the provider must furnish its notice as soon as practical after the emergency abates. (For home care, notice is usually given by the nurse at the initial visit.)

A covered health care provider must make a good faith effort to obtain written acknowledgment from patients of receipt of the privacy notice. The provider must document the reason for any failure to obtain the patient's written acknowledgment. The provider is relieved of the need to request acknowledgment in an emergency treatment situation.

Except in certain circumstances, individuals have the right to review and obtain a copy of their protected health information. The individual has the right to have the covered entity amend their protected health information in a designated record set when the information is inaccurate or incomplete. If the request by the individual is denied, the covered entity must provide the individual with a written denial and allow the individual to submit a statement of disagreement for inclusion in the record. A covered entity must disclose protected health information to the individual within 30 days upon request.

Individuals have a right to an accounting of the disclosures of their protected health information. The maximum disclosure accounting period is the six years immediately preceding the accounting request.

Individuals have the right to request that a covered entity restrict use or disclosure of protected health information. A covered entity is under no obligation to agree to requests for restrictions. A covered entity that does agree must comply with the agreed restrictions, except for purposes of treating the individual in a medical emergency.

Health plans and covered health care providers must permit individuals to request an alternative means or location for receiving communications or protected health information by means other than those that the covered entity typically employs.

The covered entity must have the following: Privacy Policies and Procedures; Privacy Policies; Workforce Training and Management Policies; Mitigation policy (must mitigate, to the extent possible, any harmful effects it learns were caused by the use or disclosure of protected health information); data safeguards; complaint procedure; retaliation and waiver (a covered entity must not retaliate against a person for exercising his/her privacy rights); documentation and record retention; and fully insured group health plan exception.

The Privacy Rule requires a covered entity to treat a personal representative the same as the individual. A personal representative is a person legally authorized to make health care decisions on an individual's behalf or act for a deceased individual or the estate. The Privacy Rule permits an exception when a covered entity has a reasonable belief that the personal representative may be abusing or neglecting the individual, or that treating the person as the personal representative could otherwise endanger the individual.

In most cases, parents are the personal representatives for their minor children. In certain circumstances the parent is not considered the personal representative. In these situations, the Privacy Rule defers to the State or other law to determine the rights of parents to access control.

For more information go to the CMS website at: www.hhs.gov/ocr/privacy.